fix: fixes lint issues and generate metadata (#175)

Co-authored-by: Awais Malik <[email protected]>

.kitchen.yml

@@ -32,6 +32,7 @@ suites:
       name: terraform
       command_timeout: 1800
       root_module_directory: test/fixtures/additive
+      verify_version: false
     verifier:
       name: terraform
       systems:
@@ -46,6 +47,7 @@ suites:
       name: terraform
       command_timeout: 1800
       root_module_directory: test/fixtures/authoritative
+      verify_version: false
     verifier:
       name: terraform
       systems:
@@ -64,6 +66,7 @@ suites:
       name: terraform
       command_timeout: 1800
       root_module_directory: test/fixtures/static-and-dynamic
+      verify_version: false
     verifier:
       name: terraform
       systems:
@@ -77,6 +80,7 @@ suites:
       name: terraform
       command_timeout: 1800
       root_module_directory: test/fixtures/member-iam
+      verify_version: false
     verifier:
       name: terraform
       systems:
@@ -90,6 +94,7 @@ suites:
       name: terraform
       command_timeout: 1800
       root_module_directory: test/fixtures/billing-iam
+      verify_version: false
     verifier:
       name: terraform
       systems:
@@ -103,6 +108,7 @@ suites:
       name: terraform
       command_timeout: 1800
       root_module_directory: test/fixtures/custom-role
+      verify_version: false
     verifier:
       name: terraform
       systems:

Makefile

@@ -18,7 +18,7 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
 
-DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.0
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.10
 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
 REGISTRY_URL := gcr.io/cloud-foundation-cicd
 

build/int.cloudbuild.yaml

@@ -275,4 +275,4 @@ tags:
 - 'integration'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.0'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.10'

build/lint.cloudbuild.yaml

@@ -21,4 +21,4 @@ tags:
 - 'lint'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.0'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.10'

examples/kms_crypto_key/README.md

@@ -10,7 +10,6 @@ This example illustrates how to use the `kms_crypto_keys_iam` submodule
 | group\_email | Email for group to receive roles (ex. [email protected]) | `string` | n/a | yes |
 | kms\_crypto\_key\_one | First kms\_cripto\_key to add the IAM policies/bindings | `string` | n/a | yes |
 | kms\_crypto\_key\_two | Second kms\_cripto\_key to add the IAM policies/bindings | `string` | n/a | yes |
-| sa\_email | Email for Service Account to receive roles (Ex. [email protected]) | `string` | n/a | yes |
 | user\_email | Email for group to receive roles (Ex. [email protected]) | `string` | n/a | yes |
 
 ## Outputs

examples/kms_crypto_key/variables.tf

@@ -19,11 +19,6 @@ variable "group_email" {
   description = "Email for group to receive roles (ex. [email protected])"
 }
 
-variable "sa_email" {
-  type        = string
-  description = "Email for Service Account to receive roles (Ex. [email protected])"
-}
-
 variable "user_email" {
   type        = string
   description = "Email for group to receive roles (Ex. [email protected])"

examples/kms_key_ring/README.md

@@ -10,7 +10,6 @@ This example illustrates how to use the `kms_key_rings_iam` submodule
 | group\_email | Email for group to receive roles (ex. [email protected]) | `string` | n/a | yes |
 | kms\_key\_ring\_one | First kms\_ring to add the IAM policies/bindings | `string` | n/a | yes |
 | kms\_key\_ring\_two | First kms\_ring to add the IAM policies/bindings | `string` | n/a | yes |
-| sa\_email | Email for Service Account to receive roles (Ex. [email protected]) | `string` | n/a | yes |
 | user\_email | Email for group to receive roles (Ex. [email protected]) | `string` | n/a | yes |
 
 ## Outputs

examples/kms_key_ring/variables.tf

@@ -19,11 +19,6 @@ variable "group_email" {
   description = "Email for group to receive roles (ex. [email protected])"
 }
 
-variable "sa_email" {
-  type        = string
-  description = "Email for Service Account to receive roles (Ex. [email protected])"
-}
-
 variable "user_email" {
   type        = string
   description = "Email for group to receive roles (Ex. [email protected])"

examples/service_account/README.md

@@ -7,13 +7,12 @@ This example illustrates how to use the `service_accounts_iam` submodule
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| credentials\_file\_path | Path to the service account | `any` | n/a | yes |
-| group\_email | Email for group to receive roles (ex. [email protected]) | `string` | n/a | yes |
-| sa\_email | Email for Service Account to receive roles (Ex. [email protected]) | `string` | n/a | yes |
-| service\_account\_one | First service Account to add the IAM policies/bindings | `string` | n/a | yes |
-| service\_account\_project | Project id of the service account | `string` | n/a | yes |
-| service\_account\_two | First service Account to add the IAM policies/bindings | `string` | n/a | yes |
-| user\_email | Email for group to receive roles (Ex. [email protected]) | `string` | n/a | yes |
+| group\_email | Email for group to receive roles (ex. [email protected]) | `string` | `"[email protected]"` | no |
+| sa\_email | Email for Service Account to receive roles (Ex. [email protected]) | `string` | `"[email protected]"` | no |
+| service\_account\_one | First service Account to add the IAM policies/bindings | `string` | `"[email protected]"` | no |
+| service\_account\_project | Project id of the service account | `string` | `"ci-iam-0c5f"` | no |
+| service\_account\_two | First service Account to add the IAM policies/bindings | `string` | `"[email protected]"` | no |
+| user\_email | Email for group to receive roles (Ex. [email protected]) | `string` | `"[email protected]"` | no |
 
 ## Outputs
 

examples/service_account/variables.tf

@@ -17,16 +17,20 @@
 variable "group_email" {
   type        = string
   description = "Email for group to receive roles (ex. [email protected])"
+  default     = "[email protected]"
 }
 
 variable "sa_email" {
   type        = string
   description = "Email for Service Account to receive roles (Ex. [email protected])"
+  default     = "[email protected]"
 }
 
 variable "user_email" {
   type        = string
   description = "Email for group to receive roles (Ex. [email protected])"
+  default     = "[email protected]"
+
 }
 
 /******************************************
@@ -35,18 +39,17 @@ variable "user_email" {
 variable "service_account_project" {
   type        = string
   description = "Project id of the service account"
+  default     = "ci-iam-0c5f"
 }
 
 variable "service_account_one" {
   type        = string
   description = "First service Account to add the IAM policies/bindings"
+  default     = "[email protected]"
 }
 
 variable "service_account_two" {
   type        = string
   description = "First service Account to add the IAM policies/bindings"
-}
-
-variable "credentials_file_path" {
-  description = "Path to the service account"
+  default     = "[email protected]"
 }

metadata.yaml

@@ -0,0 +1,150 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: blueprints.cloud.google.com/v1alpha1
+kind: BlueprintMetadata
+metadata:
+  name: terraform-google-iam
+  annotations:
+    config.kubernetes.io/local-config: "true"
+spec:
+  title: Google IAM Terraform Module
+  source:
+    repo: https://github.com/terraform-google-modules/terraform-google-iam.git
+    sourceType: git
+  subBlueprints:
+  - name: artifact_registry_iam
+    location: modules/artifact_registry_iam
+  - name: audit_config
+    location: modules/audit_config
+  - name: bigquery_datasets_iam
+    location: modules/bigquery_datasets_iam
+  - name: billing_accounts_iam
+    location: modules/billing_accounts_iam
+  - name: custom_role_iam
+    location: modules/custom_role_iam
+  - name: folders_iam
+    location: modules/folders_iam
+  - name: helper
+    location: modules/helper
+  - name: kms_crypto_keys_iam
+    location: modules/kms_crypto_keys_iam
+  - name: kms_key_rings_iam
+    location: modules/kms_key_rings_iam
+  - name: member_iam
+    location: modules/member_iam
+  - name: organizations_iam
+    location: modules/organizations_iam
+  - name: projects_iam
+    location: modules/projects_iam
+  - name: pubsub_subscriptions_iam
+    location: modules/pubsub_subscriptions_iam
+  - name: pubsub_topics_iam
+    location: modules/pubsub_topics_iam
+  - name: secret_manager_iam
+    location: modules/secret_manager_iam
+  - name: service_accounts_iam
+    location: modules/service_accounts_iam
+  - name: storage_buckets_iam
+    location: modules/storage_buckets_iam
+  - name: subnets_iam
+    location: modules/subnets_iam
+  examples:
+  - name: bigquery_dataset
+    location: examples/bigquery_dataset
+  - name: billing_account
+    location: examples/billing_account
+  - name: custom_role_org
+    location: examples/custom_role_org
+  - name: custom_role_project
+    location: examples/custom_role_project
+  - name: folder
+    location: examples/folder
+  - name: kms_crypto_key
+    location: examples/kms_crypto_key
+  - name: kms_key_ring
+    location: examples/kms_key_ring
+  - name: member_iam
+    location: examples/member_iam
+  - name: organization
+    location: examples/organization
+  - name: project
+    location: examples/project
+  - name: project_conditions
+    location: examples/project_conditions
+  - name: pubsub_subscription
+    location: examples/pubsub_subscription
+  - name: pubsub_topic
+    location: examples/pubsub_topic
+  - name: secret_manager
+    location: examples/secret_manager
+  - name: service_account
+    location: examples/service_account
+  - name: stackdriver_agent_roles
+    location: examples/stackdriver_agent_roles
+  - name: storage_bucket
+    location: examples/storage_bucket
+  - name: subnet
+    location: examples/subnet
+  roles:
+  - level: Project
+    roles:
+    - roles/iam.organizationRoleAdmin
+    - roles/orgpolicy.policyAdmin
+    - roles/resourcemanager.organizationAdmin
+  - level: Project
+    roles:
+    - roles/owner
+    - roles/resourcemanager.projectIamAdmin
+    - roles/iam.serviceAccountAdmin
+    - roles/compute.admin
+    - roles/compute.networkAdmin
+    - roles/compute.storageAdmin
+    - roles/pubsub.admin
+    - roles/cloudkms.admin
+    - roles/storage.admin
+    - roles/composer.worker
+    - roles/secretmanager.admin
+  - level: Project
+    roles:
+    - roles/resourcemanager.projectCreator
+    - roles/resourcemanager.folderAdmin
+    - roles/resourcemanager.folderIamAdmin
+    - roles/owner
+    - roles/billing.projectManager
+    - roles/composer.worker
+  - level: Project
+    roles:
+    - roles/billing.user
+  - level: Project
+    roles:
+    - roles/billing.admin
+  services:
+  - admin.googleapis.com
+  - appengine.googleapis.com
+  - cloudbilling.googleapis.com
+  - cloudresourcemanager.googleapis.com
+  - compute.googleapis.com
+  - iam.googleapis.com
+  - iamcredentials.googleapis.com
+  - oslogin.googleapis.com
+  - serviceusage.googleapis.com
+  - cloudkms.googleapis.com
+  - pubsub.googleapis.com
+  - storage-api.googleapis.com
+  - servicenetworking.googleapis.com
+  - storage-component.googleapis.com
+  - iap.googleapis.com
+  - secretmanager.googleapis.com
+  - bigquery.googleapis.com